
Your account is currently pending review, please visit https://mtgox.com/forms/verification

For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:

Security Measures Explained

“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.

In order to apply for the “Verified” account status please attach a copy of the following documents:

- Your government issued photo ID (passport, permanent residence card or driver’s license) and
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.

Thank you, this is indeed a phishing attempt. We will never send you an email asking you to log in anywhere, although we may occasionally send emails pointing you to the support page for information updates.

The email you provided has been documented, and will be used in our efforts to prevent phishers from continuing to target our users.

User sets a 1 hour to 48 hour delay timer. Once set this timer can't be removed or reduced without waiting timeout period.

1) User (or attacker) makes withdraw attempt
2) User email (and possible SMS) is notified.
3) Timer engages. If user set a 24 hour delay then funds will transfer in 24 hours.
4) If transfer is valid then user does nothing and in 24 hours funds will transfer.
5) If transfer is bogus then user aborts the transfer.

Making other "high security" changes would also require notification and delay timer period.

* changing email address
* adding new bank account for wire transfers

Yeah it would be less convenient if user wants to move funds rapidly but it would be user optional. Users can each choose the compromise between security and convenience.
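
A small model of the delay-timer scheme proposed in the post above, as an added example that is not part of the original thread or of any exchange's code. The class and method names, the integer clock in seconds and the sample amounts are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HOUR, MIN_DELAY, MAX_DELAY = 3600, 3600, 48 * 3600   # 1 to 48 hours, per the post

@dataclass
class Pending:
    action: str        # "withdraw", "change_email", "add_bank_account", "set_delay"
    detail: object
    release_at: int    # seconds; the action runs at or after this time
    aborted: bool = False

@dataclass
class TimeLockedAccount:
    delay: int = 0                                # 0 = timer not enabled
    pending: list = field(default_factory=list)
    outbox: list = field(default_factory=list)    # stand-in for email/SMS

    def set_delay(self, seconds, now):
        if seconds != 0 and not MIN_DELAY <= seconds <= MAX_DELAY:
            raise ValueError("delay must be 0 (off) or 1 to 48 hours")
        if seconds < self.delay:                  # reducing/removing waits out the timer
            return self.request("set_delay", seconds, now)
        self.delay = seconds                      # enabling or lengthening: immediate

    def request(self, action, detail, now):
        p = Pending(action, detail, now + self.delay)             # steps 1 and 3
        self.pending.append(p)
        self.outbox.append(f"{action} requested, runs at t={p.release_at}")  # step 2
        return p

    def abort(self, *items):                      # step 5: owner cancels bogus requests
        for p in items:
            p.aborted = True

    def tick(self, now):                          # step 4: run whatever has matured
        due = [p for p in self.pending if not p.aborted and now >= p.release_at]
        for p in due:
            if p.action == "set_delay":
                self.delay = p.detail
        self.pending = [p for p in self.pending if not p.aborted and now < p.release_at]
        return [p.action for p in due]

def demo():                                       # constructed scenario
    acct = TimeLockedAccount(delay=24 * HOUR)     # owner enabled a 24 hour timer earlier
    shorten = acct.set_delay(1 * HOUR, now=100)   # intruder tries to cut the timer
    theft = acct.request("withdraw", {"btc": 50}, now=200)
    early = acct.tick(now=2 * HOUR)               # nothing has matured yet
    acct.abort(shorten, theft)                    # owner reacts to the notifications
    acct.request("withdraw", {"btc": 1}, now=3 * HOUR)   # owner's own withdrawal
    return early, acct.tick(now=28 * HOUR), acct.delay, len(acct.outbox)
```

In `demo()` the intruder's timer reduction and withdrawal both queue behind the existing 24 hour delay and are aborted, while the owner's own withdrawal runs a day later. The scheme depends on the notification reaching the owner, which is why the post puts email changes behind the same timer.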

That's a damn good idea, you would save so much money from being stolen!

I was at 7-11 yesterday. They have those time lock safes and it made me think of it.

Hopefully Mt. Gox understands that layered security is the only real security. Personally I always look for the Green Address but some people don't.

If you're referring to how passwords are stored server-side, then it should be hashed, not encrypted (huge difference). Also, they should be salted and hashed with something like bcrypt which performs key hardening, not a hash primitive like sha256.

Yeah I was thinking that just wrote encryption for some reason. Updated.

I also got the same mail, stating that my account is under review. I was shocked for a moment, since after much struggle I was able to get Verified status. When I clicked the link, it asked for username and password, resembling the same new mtgox interface. Then I noticed the last price, which was some $3.xx, which alarmed me, since I had seen the price at 4.6x some 5-10 minutes ago. After that I noticed the URL and then I was sure this is phishing.

I just got this same phishing E-mail about accounts being verified today. It looked pretty legit also. But I knew right away it was weird.

How the hell did they get my E-Mail address to send me this letter?
